An Introduction to Tiger Terminal, Part 3

Part One of Introduction to Tiger Terminal began with shell basics (pwd, ls, cat, sudo, kill, using nano (the pico replacement), and followed with Part Two, which took a look at external volumes, using ssh, scp, sftp and rsync. Here, in Part Three, we'll look at some helpful commands that you can use to view information about your network.

GUI vs. CLI

Mac OS X put a GUI wrapper around a set of network command line utilities and called this app Network Utility. It resides in /Applications/Utilities. (You can use the Shift-Command-U key combination to quickly open the Utilities folder from the Finder.) Let's take a quick look at the GUI front end:

Each of the tabs along the top of the Network Utility.app has a command line equivalent. Why would you want to use the command line to run these tools instead of just using the GUI version? As we've seen in previous examples, the command line offers more options and flexibility for gleaning information. We'll see this in the examples that follow. As with all commands that we use, remember to check out the man pages for detailed definitions, examples, and optional flags.

Figure 1: Network Utility.app

ifconfig

On most Unix systems, ifconfig (interface configure) is used to make the Ethernet card or other interface (Airport, for example) accessible to the network layer by assigning an IP address and activating the interface. Let's look at how we can get information about our system's interfaces by running ifconfig with the -a flag (which tells ifconfig to include all the interfaces on our system in the output):

Figure 2: ifconfig -a

Sheesh, so what does this actually tell us? The first device listed is lo0, which is the loopback device (the virtual net device representing the local host net interface, lo) which is set to 127.0.0.1. The Ethernet card is indicated by en0 (which is turned off, in my case) and the active Airport card is en1. Since my Airport connection is active, we see a lot of information about it: the first line tells me that my Airport status is "UP", the third line tells me that it has an Internet ("inet") address of 10.0.1.5 with a valid Subnet Mask ("netmask") of 0xffffff00 which is the same as 255.255.255.0 and that it has a valid broadcast address of 10.0.1.255. The last line describes my FireWire interface (fw0). The other two lines describe interfaces that are outside the scope of this article: gif0, the IPv6 generic tunnel interface, and stf0 ("6to4"), which tunnels IPv6 traffic over IPv4.

netstat

Next, let's look at netstat which, as the name implies, will output a variety of statistics about our network. We'll run netstat with the -r option, which will list the contents of the IP routing table (Be patient!):

Figure 3: netstat -r

Adding the -n option will avoid hostname lookup (In other words, the -n option tells netstat not to convert addresses and port numbers to names.) and will speed up the execution of the command by quite a bit. The syntax would then be netstat -r -n. Another useful netstat flag is -a which displays all open connections on the host. The implication here is that by looking at this output, you can monitor how data goes in and out of your machine. Unexpected listening processes might indicate that your system has been compromised. This is particularly useful if you're running a server and engaging in best practices by keeping a close eye on your system!

To see how many packets are moving through my active network interface (my Airport card, in this case) and how many errors are occurring, I'd run netstat -I en1 -w 5 where -I en1 indicates my active interface and -w 5 tells netstat to update ("wait") the display every five seconds. You can quit the command by using the key combination, control-Z (^Z):

Figure 4: netstat -I en1 -w 5

appletalk

We'll just touch on this one, since it's a legacy protocol, but many educational institutions still support it. Typing appletalk at the shell prompt will give you a list of what the appletalk command can do. For example, appletalk -n will give you this:

Figure 5: appletalk -n

Other useful commands include appletalk -h, which checks the default zone, appletalk -z, which shows the zone list, and appletalk -s, which shows appletalk statistics and error counts. You can also startup (appletalk -u for single port mode, for instance) and shut down appletalk (appletalk -d) from the CLI.

ping

The ping command is used to see if a machine is alive and operating, if network connections are intact, how many hops lie between two computers and the amount of time it takes for the ICMP ECHO_REQUEST packet to make the loop. It can also test out name resolution. (If the packet bounces when sent to the IP address, but not to the name, then the system is having problems matching the name to the address.)

The packets are sent in a series and the "time=" tells you how long it takes to get a response. By default, the ping command keeps sending packets until you stop the command by using the key combination Control-C (^C). After you stop the ping command, you'll see the output of ping statistics: how many packets were transmitted, how many were received, percent packet loss, and round-trip times.

You can decide how many packets you want to send by using the -c (count) option, like this:

Figure 7: ping -c 6 samsmacmini.local

In this case, instead of the IP address, I used the domain name of my son's computer (samsmacmini.local), which you can see comes directly from the Sharing pref pane: